Configuration

The PromptGuard CLI stores configuration in .promptguard.json at your project root.

Configuration File

Location

your-project/
├── .promptguard.json  ← Configuration file
├── .env               ← API key stored here
├── src/
│   └── *.ts          ← Modified files
└── *.bak             ← Backup files

Structure

.promptguard.json

{
  "version": "1.0",
  "api_key": "pg_sk_test_xxxxx",
  "project_id": null,
  "proxy_url": "https://api.promptguard.co/api/v1",
  "providers": ["openai", "anthropic"],
  "exclude_patterns": [
    "**/*.test.js",
    "**/*.test.ts",
    "**/node_modules/**",
    "**/dist/**"
  ],
  "backup_enabled": true,
  "backup_extension": ".bak",
  "env_file": ".env",
  "env_var_name": "PROMPTGUARD_API_KEY",
  "enabled": true,
  "metadata": {
    "cli_version": "2.0.0",
    "files_managed": ["src/ai.ts", "lib/chat.ts"],
    "last_applied": "2024-10-17T10:30:00Z"
  }
}

Configuration Options

Core Settings

version

Type: string Default: "1.0" Description: Configuration schema version

"version": "1.0"

api_key

Type: string Required: Yes Description: Your PromptGuard API key

"api_key": "pg_sk_test_xxxxx"

Never commit .promptguard.json to version control if it contains your API key. Use .env instead.

proxy_url

Type: string Default: "https://api.promptguard.co/api/v1" Description: PromptGuard proxy endpoint URL

"proxy_url": "https://api.promptguard.co/api/v1"

For custom deployment:

"proxy_url": "https://custom.example.com/proxy"

providers

Type: string[] Default: Auto-detected Description: LLM providers to configure

"providers": ["openai", "anthropic", "cohere", "huggingface"]

Supported: openai, anthropic, cohere, huggingface

enabled

Type: boolean Default: true Description: Whether PromptGuard is currently active

"enabled": true

Controlled by promptguard disable / promptguard enable

Backup Settings

backup_enabled

Type: boolean Default: true Description: Whether to create backup files

"backup_enabled": true

Disabling backups means you can’t revert changes. Not recommended.

backup_extension

Type: string Default: ".bak" Description: Extension for backup files

"backup_extension": ".bak"

Backups saved as: file.ts.bak

Environment Settings

env_file

Type: string Default: ".env" Description: Environment file for API key

"env_file": ".env"

For custom location:

"env_file": ".env.local"

env_var_name

Type: string Default: "PROMPTGUARD_API_KEY" Description: Environment variable name for API key

"env_var_name": "PROMPTGUARD_API_KEY"

For custom name:

"env_var_name": "PG_KEY"

Exclusion Patterns

exclude_patterns

Type: string[] Default: See below Description: Glob patterns for files to exclude from scanning

"exclude_patterns": [
  "**/*.test.js",
  "**/*.test.ts",
  "**/*.spec.js",
  "**/*.spec.ts",
  "**/node_modules/**",
  "**/dist/**",
  "**/__tests__/**",
  "**/.venv/**",
  "**/venv/**"
]

Add custom patterns:

"exclude_patterns": [
  "**/*.test.*",
  "**/build/**",
  "**/vendor/**"
]

Manual Configuration

You can manually edit .promptguard.json for advanced customization.

Example: Custom Proxy URL

{
  "proxy_url": "https://proxy.mycompany.com/llm",
  "env_var_name": "COMPANY_LLM_KEY"
}

Then re-apply:

promptguard apply

Example: Multiple Providers

{
  "providers": ["openai", "anthropic", "cohere"],
  "proxy_url": "https://api.promptguard.co/api/v1"
}

Example: Custom Excludes

{
  "exclude_patterns": [
    "**/*.test.*",
    "**/tests/**",
    "**/fixtures/**",
    "**/mocks/**",
    "**/coverage/**"
  ]
}

Environment Variables

`.env` File

The CLI stores your API key in .env:

.env

PROMPTGUARD_API_KEY=pg_sk_test_xxxxx

Add .env to .gitignore to avoid committing secrets:

echo ".env" >> .gitignore

Alternative: Shell Environment

Instead of .env, you can use shell environment variables:

export PROMPTGUARD_API_KEY=pg_sk_test_xxxxx
promptguard init

Version Control

Recommended `.gitignore`

.gitignore

# PromptGuard
.env
.env.local
*.bak
.promptguard.json  # If it contains API key

Alternative: Commit Config (without API key)

If you want to commit configuration but not the API key:

Remove api_key from .promptguard.json
Keep API key only in .env
Commit .promptguard.json

.promptguard.json (version controlled)

{
  "version": "1.0",
  "proxy_url": "https://api.promptguard.co/api/v1",
  "providers": ["openai"],
  "exclude_patterns": [...],
  "backup_enabled": true
}

.env (NOT version controlled)

PROMPTGUARD_API_KEY=pg_sk_test_xxxxx

Multi-Environment Setup

Development vs Production

# Development
.env.development
PROMPTGUARD_API_KEY=pg_sk_test_xxxxx

# Production
.env.production
PROMPTGUARD_API_KEY=pg_sk_prod_xxxxx

Configure the CLI to use the right env file:

{
  "env_file": ".env.development"  // or .env.production
}

CI/CD

In CI/CD, set the API key as an environment variable:

.github/workflows/deploy.yml

env:
  PROMPTGUARD_API_KEY: ${{ secrets.PROMPTGUARD_API_KEY }}

Advanced Patterns

Monorepo Setup

For monorepos with multiple projects:

monorepo/
├── packages/
│   ├── frontend/
│   │   └── .promptguard.json  ← Separate config
│   └── backend/
│       └── .promptguard.json  ← Separate config
└── .env                        ← Shared API key

Run CLI in each package:

cd packages/frontend
promptguard init --api-key $PROMPTGUARD_API_KEY

cd packages/backend
promptguard init --api-key $PROMPTGUARD_API_KEY

Custom Transformations

The CLI currently transforms baseURL/base_url. For custom transformations, consider:

Use promptguard init for base setup
Manually adjust additional settings
Use promptguard disable to preserve manual changes

Programmatic Access

Read configuration in your scripts:

const config = require('./.promptguard.json');
console.log('Proxy URL:', config.proxy_url);

import json

with open('.promptguard.json') as f:
    config = json.load(f)
print(f"Proxy URL: {config['proxy_url']}")

Configuration Validation

The CLI validates configuration on load:

API key format (pg_sk_test_* or pg_sk_prod_*)
Valid proxy URL (HTTPS)
Valid provider names
Valid glob patterns

Invalid config will show errors:

$ promptguard status
Error: Invalid API key format. Must start with 'pg_sk_test_' or 'pg_sk_prod_'

Reset Configuration

To completely reset:

# Remove all PromptGuard files
promptguard revert -y

# Re-initialize
promptguard init --api-key pg_sk_test_xxx

Getting Started

CLI & Editor Tools

Integration Guides

Security & Policies

Monitoring & Analytics

Advanced

Examples

Configuration

Configuration

Configuration File

Location

Structure

Configuration Options

Core Settings

Backup Settings

Environment Settings

Exclusion Patterns

Manual Configuration

Example: Custom Proxy URL

Example: Multiple Providers

Example: Custom Excludes

Environment Variables

`.env` File

Alternative: Shell Environment

Version Control

Recommended `.gitignore`

Alternative: Commit Config (without API key)

Multi-Environment Setup

Development vs Production

CI/CD

Advanced Patterns

Monorepo Setup

Custom Transformations

Programmatic Access

Configuration Validation

Reset Configuration

Next Steps

Commands

Troubleshooting

Getting Started

CLI & Editor Tools

Integration Guides

Security & Policies

Monitoring & Analytics

Advanced

Examples

​Configuration

​Configuration File

​Location

​Structure

​Configuration Options

​Core Settings

​Backup Settings

​Environment Settings

​Exclusion Patterns

​Manual Configuration

​Example: Custom Proxy URL

​Example: Multiple Providers

​Example: Custom Excludes

​Environment Variables

​.env File

​Alternative: Shell Environment

​Version Control

​Recommended .gitignore

​Alternative: Commit Config (without API key)

​Multi-Environment Setup

​Development vs Production

​CI/CD

​Advanced Patterns

​Monorepo Setup

​Custom Transformations

​Programmatic Access

​Configuration Validation

​Reset Configuration

​Next Steps

Commands

Troubleshooting

Configuration

Configuration File

Location

Structure

Configuration Options

Core Settings

Backup Settings

Environment Settings

Exclusion Patterns

Manual Configuration

Example: Custom Proxy URL

Example: Multiple Providers

Example: Custom Excludes

Environment Variables

`.env` File

Alternative: Shell Environment

Version Control

Recommended `.gitignore`

Alternative: Commit Config (without API key)

Multi-Environment Setup

Development vs Production

CI/CD

Advanced Patterns

Monorepo Setup

Custom Transformations

Programmatic Access

Configuration Validation

Reset Configuration

Next Steps